Changelog for mantisbt-2.19.0-2.1.noarch.rpm :
Fri Jan 11 13:00:00 2019 jweberhoferAATTweberhofer.at
- MantisBT 2.19
https://www.mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.19.0

* Updates: ADOdb, Guzzle, Slim Framework, PHPMailer,
Disposable Email Checker

* Fixed installation issue (memory_limit test fails when memory_limit
is set to -1, PHP 7.3 issue)

* Fixed authentication issues

* Improved form handling for password managers

* Fixed some UI issues

* Code cleanup
- Updated file lists, removed additional files not used in distribution

Thu Nov 29 13:00:00 2018 jweberhoferAATTweberhofer.at
- MantisBT 2.18

* Code Cleanup

* Plugin Columns - Export CSV or Excel - PHP 7.2.7 - crash error 500

* Changes to project_view_state and view_state to create only private projects

* Missing fallback for "Open Sans" font

* Error Creating Issue with new TAG

* Performance enhancements of string processing
- MantisBT 2.17.2

* CVE-2018-17783: XSS in manage_filter_edit_page.php

* CVE-2018-17782: XSS in manage_filter_page.php

Mon Oct 1 14:00:00 2018 jweberhoferAATTweberhofer.at
- MantisBT 2.17.1
CVE-2018-16514: Reflected XSS in view_filters_page.php via core/filter_form_api.php
- MantisBT 2.17.0
https://www.mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.17.0
This is a selection of improvements among many others:

* better visibility of relationships

* search for users in the administration

* REST and SOAP API improvements

Fri Sep 14 14:00:00 2018 astiegerAATTsuse.com
- MantisBT 2.16.1:

* CVE-2018-14895: XSS in bug_actiongroup.php

Mon Aug 6 14:00:00 2018 jweberhoferAATTweberhofer.at
- MantisBT 2.16.0
https://www.mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.16.0

* ui
- Local copy of Open Sans font does not include Latin-ext characters
- Fonts are not rendered correctly in Windows clients
- Font = Times New Roman after Upgrade from v2.7.0

* upgrade
- Improve handling of unserialize errors when upgrading
- Error in upgrade process 1.2.17 --> 1.3.0

* performance
- Unneeded information in Change Log and Roadmap
- Performance enhancement of config_get_global function

* timeline
- Missing display of events in Timeline if All Projects is selected

* code cleanup

Thu Jun 28 14:00:00 2018 jweberhoferAATTweberhofer.at
- MantisBT 2.15.0
https://www.mantisbt.org/bugs/changelog_page.php?version_id=321

* filters
- Cannot save private filter if not allowed to save shared filter
- show_user_realname_threshold is not considered when sorting by reporter or handler

* bugtracker: Incorrect issue status setting when changing status

* wiki: URL encoding precludes reasonable wiki root_namespace values

* tagging: Exception Missing Class

* security: Update-Blocker:User-ID instead of Realname 0024139 as due
to security policy requirements which prohibit IDs in mails and masks

* ui
- Selecting users is not easy if show_realname is set to ON
- $g_show_realname for making usernames private

* other: System warning if $g_log_destination = 'page' when using PHP 7.2

* api soap: Error while querying for issue header with PHP 7.2

* api rest: Support create project versions via REST API

* performance: Unneeded <meta> tag in <head> section
- Removed unused adodb scripts
- Don't package several test-cases from sub-packages as well
as vendor/phpunit. As the mantisbt test-cases are not in the upstream package
we don't run any checks.

Tue May 15 14:00:00 2018 jweberhoferAATTweberhofer.at
- MantisBT 2.14.0
https://www.mantisbt.org/bugs/changelog_page.php?version_id=316

* IssueAddCommand Prevents API Folder Removal

* Update ADOdb to 5.20.12

* E_DEPRECATED error on php7.2: each() function

* Update Slim Framework from 3.8.1 to 3.9.2

* Update GuzzleHttp from 6.3.0 to 6.3.2

* Wrong documentation of datetime_picker_format in Admin Guide

* Wrong documentation of my_view_boxes in Admin Guide

* Support getting a single project via REST API

* Plugin priority changed without being changed by user interaction
- MantisBT 2.13.2
https://www.mantisbt.org/bugs/changelog_page.php?version_id=319

* CVE-2018-9839: Private issues accessible to unauthorized users using
the "Clone" functionality

* Markdown quoting rendered with broken HTML

* email: Inconsistent realname display

* REST API:
- Get all filter or specific filter returns incorrect information
- REST API returns too much info for default category handler
- Don't show category default handler for users that can't manage the project

* api soap: API method mc_filter_get does not work

* mb_internal_encoding no longer being set because of removal utf8 library

* SYSTEM WARNING 'count(): Parameter must be an array or an object that
implements Countable' in 'IssueNoteAddCommand.php'

Thu Apr 5 14:00:00 2018 jweberhoferAATTweberhofer.at
- MantisBT 2.13.1
https://www.mantisbt.org/bugs/changelog_page.php?version_id=317

* Fixed broken rendering of @ mentions, # issue and ~ note links
- MantisBT 2.13.0
https://www.mantisbt.org/bugs/changelog_page.php?version_id=315

* Filter improvements

* Support adding attachments when reporting issues

* Several REST and SOAP API improvements

* Can't login if admin directory has restricted access

* Filtering with "note by" shows results from private notes for unprivileged users

* Entering Emojis in comments with a user mention crashes with an error (mysql)
- MantisBT 2.12.1
https://www.mantisbt.org/bugs/changelog_page.php?version_id=314

* Account page required change password on any field modification

* Username (Realnames) format not showing on timeline (my_view_page)

* Wrong color of username in timeline

* History entries display realname instead of username
- MantisBT 2.12.0
https://www.mantisbt.org/bugs/changelog_page.php?version_id=312

* Improvements to mentioning users with @user

* Language updates

* User realname uniqueness check doesn't work

Wed Feb 14 13:00:00 2018 jweberhoferAATTweberhofer.at
- MantisBT 2.11.1

* https://www.mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.11.1

* Bugfix: REST API doesn't work from UI for some users

* Bugfix: Warning message on login page after new installation

Fri Feb 9 13:00:00 2018 jweberhoferAATTweberhofer.at
- Removed vendor/adodb/adodb-php/server.php file which isn't required
but leads to CVE-2018-6382 and bsc#1078308
- Require fileinfo extension
- MantisBT 2.11.0

* https://www.mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.11.0

* Administration:
- Allow unprotecting protected users
- Other fixes

* REST API:
- Added handling of tags, users, relationships, monitoring,
attachments, time-tracking

* Reports:
- Several improvements

* Installation fixes

* Further improvements and code-cleanups

Thu Feb 8 13:00:00 2018 astiegerAATTsuse.com
- MantisBT 2.10.1, a bugfix and security release:

* unable to create a bug with customfields via SOAP

* Wrong constructor name in class FilterConverter

* Resolving as duplicate does not add reporter and handler to
monitoring list of duplicate issue

* CVE-2018-6403: XSS in adm_config_report.php 'value' parameter

Tue Jan 30 13:00:00 2018 jweberhoferAATTweberhofer.at
- Update to 2.10.0

* https://www.mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.10.0

* REST API: Filter improvements

* Fixes in time-tracking

* Further fixes and refactorings

Tue Dec 19 13:00:00 2017 jweberhoferAATTweberhofer.at
- Update to 2.9.0

* https://www.mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.9.0

* fixes and refactorings

* REST API improvements

Fri Nov 3 13:00:00 2017 jweberhoferAATTweberhofer.at
- update to 2.8.0

* https://www.mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.8.0

* fixes

* REST API: updates, on by default

* DKIM support for E-Mail signing
- REST API requires php-soap
- MantisBT requires php 5.5.0+

Sat Oct 14 14:00:00 2017 astiegerAATTsuse.com
- update to 2.7.0:

* ui rendering fixes

* performance improvements

* fixes related to custom fields and filters

Tue Sep 19 14:00:00 2017 jweberhoferAATTweberhofer.at
- MantisBT 2.6.0
REST API

* projects doesn't return child projects (vboctor)

* Notes returned by /issues REST API have incorrect timestamps (vboctor)

* Support adding/deleting notes via REST API (vboctor)

* Support issue id as part of the path for REST API (vboctor)
Attachments

* Can't open image attachments in browser windows (dregad)
Bugtracker

* AJAX calls with invalid endpoints fail with syntax error (dregad)

* bug_actiongroup_page, on copy, & move, project combo lists projects which the user has no rights (cproensa)

* Update GuzzleHttp from 6.2.3 to 6.3.0 (vboctor)

* Customization

* Custom fields badly filtered when multi-projects (cproensa)

* Field is appearing in email notification but not used in UI. (joel)
E-Mail
Update disposable-email-checker to v3.0.1 using Composer (vboctor)

* Update PHPMailer v5.2.23 to v5.2.24 (vboctor)

* Removing "Report an issue" permission removes user from Monitoring filter dropdown (atrol)

* Due date field not displayed correctly when editing ticket (community)

* Unused code and unused CSS delivered for obsoleted functionality (atrol)

* Unused CSS delivered (atrol)
Markdown

* Update Parsedown 1.6.2 to 1.6.3 (vboctor)
Performance

* Project cache is not efficient with navbar project selection. (cproensa)

* Unused and inefficient code in function layout_print_sidebar (atrol)
Time Tracking

* Enabling Time Tracking distorts View Issue Details page layout. (cproensa)

* Issue history box is narrower than other boxes above it on View Issue page (cproensa)

* Time Tracking "auto count" is giving the wrong elapsed time (dregad)

* Time tracking report excludes issues with no category assigned (cproensa)

* Unable to access time tracking reports (atrol)
UI

* 'Manage Configuration' tab usually does not highlight (dregad)

* "notify user" check should be moved outside the form (cproensa)

* Calendar doesn't show the correct date the first time it opens (dregad)

* Display of hardcoded string on view_user_page if e-mail address is empty (atrol)

* Graph display is too faint and blurred (atrol)

* print_manage_menu() does not highlight active plugin pages (dregad)

* Questionable display of "Access Denied" on view_user_page (atrol)

* Questionable order and functionality of top buttons on "View Issue" page (atrol)

* The required fields are not explicitly visible when updating, resolving or closing an issue (community)

* When specifying top_buttons display, the button on update screen has no styling. (atrol)

Mon Sep 4 14:00:00 2017 astiegerAATTsuse.com
- MantisBT 2.5.2:

* Login page no longer warns about 'admin' directory being present

* Checks on login page are never executed if "admin" dir does not exist

* Improve doc and notifications when admin dir is present (CVE-2017-12419)

* drop patches:
CVE-2017-12061.patch CVE-2017-12062.patch
- make mantis a versioned provides capability

Tue Aug 1 14:00:00 2017 astiegerAATTsuse.com
- Fix two XSS vulnerabilities:

* CVE-2017-12061: XSS in /admin/install.php script (bsc#1051697)
add CVE-2017-12061.patch

* CVE-2017-12062: XSS in manage_user_page.php (bsc#1051698)
add CVE-2017-12062.patch

Tue Aug 1 14:00:00 2017 astiegerAATTsuse.com
- MantisBT 2.5.1:

* REST API improvements, SOAP API fixes

Mon May 22 14:00:00 2017 astiegerAATTsuse.com
- MantisBT 2.4.1:

* Support Generic Authentication through Plug-ins

* various fixes and improvements

Mon Apr 17 14:00:00 2017 astiegerAATTsuse.com
- MantisBT 2.2.4:

* CVE-2017-7615: Account verification page allows resetting any
user's password (bsc#1034333)
- includes changes from 2.2.3:

* Sorting all bugs list using a column header after applying a
filter resets the filter

* Permalink does not work with "Note By"

* Filter error due to "view status" having an array value

* Regression in custom field sorting

* CVE-2017-7309: XSS in adm_config_report.php (bsc#1031807)

* CVE-2017-7241: XSS in move_attachments_page.php (bsc#1031807)

* Markdown starts heading in the middle of a line

* Markdown still converting '&amp;' to & and '&lt;' to <
- includes changes from 2.2.2:

* CVE-2017-6973: XSS in adm_config_report.php (bsc#1031807)

Mon Mar 20 13:00:00 2017 astiegerAATTsuse.com
- MantisBT 2.2.1:

* various improvements and bug fixes

* fix XSS in Source Integration Plugin (CVE-2017-6958)

* fix XSS in bug change status page (CVE-2017-6797)

* fix XSS in view filters pages (CVE-2017-6799)

Thu Jan 19 13:00:00 2017 branislav.havelAATTsuse.com
- MantisBT 2.0.0
- package moved to mantisbt

* System utilities page for moving attachments should support move
all attachments

* Replace jscalendar by a newer widget

* Incorrect text for the remove file button in the file upload dropzone

* Section 2.2.2.1 Admin Guide: Misaligned row in Table

* Missing leading zeroes in due date display

* datetime picker does not work if 'cdn_enabled' is ON

* Due Date calendar icon wraps below the field

Thu Jan 5 13:00:00 2017 astiegerAATTsuse.com
- MantisBT 1.3.5:

* security fix: Potentially serious RCE vulnerability in bundled
PHPMailer before 5.2.18 (CVE-2016-10033)

* performance improvements, bugfixes, UI fixes and improvements
- MantisBT 1.3.4:

* security fix: Handlers(Assignees) are visible when editing an
issue even if they are not visible when viewing it

* performance improvements, bugfixes, UI fixes and improvements

Mon Oct 31 13:00:00 2016 astiegerAATTsuse.com
- MantisBT 1.3.3, a bugfix release:

* various fixes for bugs in the UI, behavior and code

* documentation updates

Sun Oct 30 13:00:00 2016 astiegerAATTsuse.com
- MantisBT 1.3.2, a bugfix update:

* documentation updates

* Various bug fixes and compatible feature updates

* Fix Invalid Strict-Transport-Security header when server would
already send it anyway

Thu Sep 1 14:00:00 2016 astiegerAATTsuse.com
- MantisBT 1.3.1, a security and bugfix update

* CVE-2016-7111: Content Security Policy is weakened by Gravatar plugin

* CVE-2016-6837: XSS vulnerability in view_all_bug_page.php

* various bug fixes

Tue Jul 12 14:00:00 2016 astiegerAATTsuse.com
- MantisBT 1.3.0, a security and feature update
- New features:

* @ mentions support

* Support for avatar plugins - shipping Gravatar out of the

* Support for user lifecycle plugin events

* Allow administrators to impersonate users

* Support for notes and tags as columns to configure for view
issues, print issues, csv/excel export

* Support for login using email address

* Enforcing email uniqueness

* Enable configuration for email notifications for category owner

* Re-implemented parsing of complex configuration types for
Configuration Report

* Tagging directly from report issue page

* Timeline feature

* Users can now generate API tokens

* Anti-spam feature to limit the number of issues from new users

* Memo custom fields

* jQuery and jQueryUI are now included in core

* PHP version compatibility up to PHP 5.6 and PHP 7.

* Better generated HTML, relying on CSS instead of inline styles
and reducing use of tables for layout

* HTML5 doctype – Lots of improvements to generated markup.

* Out-of-the-box support for Oracle (oci8)

* Greatly enhanced support for PostgreSQL

* Improved installation and admin utilities (system check, tools)

* Mechanism to prevent concurrent updates to the same issue

* Detailed filters hidden by default

* Improved XmlImportExport core plugin

* Bigger e-mail and realname fields

* Improved documentation, migrated to Publican

* Improved email notifications when an issue is unassigned or re-assigned

* Support attaching files while adding a note + attaching multiple files with same name

* Added new log level LOG_EMAIL_VERBOSE.

* Extensibility, add more events
- Security fixes:

* CVE-2016-5364: Reflected XSS inside
manage_custom_field_edit_page.php [boo#984334]

* Cannot change password in second enter to verification page

* bugnote actions in view bug page should send data as POST

* CVE-2014-9759: SOAP API can be used to disclose confidential settings

* CVE-2014-9572: Improper Access Control in install.php

* CVE-2014-9571: XSS in install.php

* CVE-2015-1042: URL redirection issue

* CVE-2014-9573: SQL Injection in manage_user_page.php

* PHP remote code execution in install.php

* CVE-2014-9701: XSS vulnerability in permalink_page.php

* Registrations by bots via captcha exploit

* Support Content-Security-Policy (CSP) per W3C specification

* install.php: do not send the value of crypto_master_salt over http

* Redirect user to change password if logged in with default admin password

* plugins directory must be secured/fixed

* Provide additional random number generators

* allow_reporter_reopen lets reporter make any update, not just reopen

* Add support for Strict-Transport-Security header

* Improve random number generation with openssl_random_pseudo_bytes

* Do not allow to send a reminder on a private issue to users under threshold

* Remove input side XSS validation of user real names

* When user reports an issue, the unpermitted project can be selected

* Remove all inline JavaScript from MantisBT (use external scripts instead)
- Deprecated Features:

* Custom Functions in favor of Plugins

* DB2 support – removed in 2.0.x

* News feature – already deprecated

* Time tracking – already deprecated

* Project Docs – already deprecated

* Sponsorships – already deprecated
- Removed Features:

* Built-in source code integration support

* FTP for attachments

* Removed nusoap in favor of native php soap extension

* Removed feature extended project browser

Mon Feb 23 13:00:00 2015 astiegerAATTsuse.com
- MantisBT 1.2.19:
This release resolves 5 security issues and fixes 2 regressions
introduced in 1.2.18.

* [security] CVE-2014-9573: SQL Injection in manage_user_page.php

* [security] CVE-2014-9624: CAPTCHA bypass is way easier than it should be

* [security] CVE-2015-1042: URL redirection issue

* [security] CVE-2014-9571: XSS in install.php

* [security] CVE-2014-9572: Improper Access Control in install.php

* [bugtracker] Reporting an issue gives: 'Invalid argument supplied for foreach()' in '/opt/mantisbt-1.2.18/core/gpc_api.php' line 259

* [email] Order of notes in email notifications seem to be based on user who triggered the action

* [bugtracker] Fix handling of due dates

* [administration] Installer UI tweaks

* [bugtracker] Sort bug notes by date, not by ID

* [authentication] User creation with captcha broken by fix for issue 0017811
- includes changes from MantisBT 1.2.18:
This release resolves 23 security-related bugs and vulnerabilities:

* 7 Cross-Site Scripting (XSS) issues

* 2 Code injection issues

* 2 SQL injection (XSS) issues

* 5 Information disclosure issues
- 7 Other security issues

* [security] CVE-2014-8986: adm_config_report.php filtering does not check config option is valid

* [security] CVE-2014-9117: CAPTCHA bypass

* [security] CVE-2014-9089: SQL injection in view_all_set.php

* [security] Multiple vulnerabilities in MantisBT

* [security] CVE-2014-9279: Db Credentials leak via unattended upgrade script

* [security] CVE-2014-9281: Reflected XSS in admin panel / copy_field.php

* [security] CVE-2014-9271: Persistent XSS in file uploads/attachments

* [security] CVE-2014-9280: PHP Object Injection in filter API

* [security] CVE-2014-9272: XSS in string_insert_hrefs allows script execution

* [security] CVE-2014-6316: URL redirection issue

* [security] Emails on relations are sent to people who cannot see the related issue

* [security] CVE-2014-8553: SOAP API: leak of user personal information

* [security] Login_page.php: Ensure username is valid

* [security] CVE-2014-6387: Null byte poisoning in LDAP authentication

* [security] CVE-2014-8988: Attachments can be downloaded without permission

* [security] Prevent unauthorized users setting handler when reporting issue

* [other] Incorrect $specific_where

* [documentation] Code allows display of Resolution and Status in bug report page, but doc says it's not allowed

* [code cleanup] Use of deprecated PREG_REPLACE_EVAL ('e') pattern modifier

* [attachments] Warning in bug report when attachments are disabled

* [attachments] Debug output displayed when adding files

* [bugtracker] proj_doc_update.php on document update crashes if new file is not uploaded

* [bugtracker] Missing error param when updating project doc

* [filters] Column summary of the free text search is not prefixed by table (filter_api)

* [bugtracker] Default profile doesn't work

* [security] No Errors shown at all if error_reporting=0 configured at server

* [bugtracker] Invalid category check is not made

* [news] News section shouldn't show in permissions report when feature is disabled

* [api soap] Handler can be set without having appropriate access rights

* [db mssql] Graph « Cumulative by date » is not displayed in Summary > Advanced Summary

* [migration] Import plugins should be able to set last_updated field to a date in the past

* [bugtracker] Issue history show date submitted and last updated as integers rather than dates

* [bugtracker] New BugData object due_date should be blank

* [plug-ins] XML import plugin only replaces links in 'description'

* [security] CVE-2014-7146 : PHP Code Injection Vulnerability in XmlImportExport plugin

* [security] Attachments displayed in history despite user not authorised to view them

* [api soap] mc_issue_update() email notification doesn't include added notes

* [security] CVE-2014-8598: XML plugin should restrict ability to import data

* [api soap] CVE-2014-8554: SQL injection in SOAP API

* [security] CVE-2014-9269: XSS in extended project browser

* [security] CVE-2014-8987: XSS in adm_config_report.php

* [security] CVE-2014-9270: Stored XSS in Mantis

* [email] Disposable library triggers PHP STRICT warnings

* [news] Not possible to set 'announcement' flag when editing News
- Fix XSS in adm_config_report.php
- mantisbt-1.2.19-CVE-2015-2046.patch CVE-2015-2046 [boo#919035]

Wed Oct 8 14:00:00 2014 andreas.stiegerAATTgmx.de
- MantisBT 1.2.17:

* undefined function db_params() in core/news_api.php

* The bug_get_bugnote_count() function in the bug API always
returns 0

* duplicate "
* [security] CVE-2014-2238: SQL injection vulnerability in
adm_config_report.php
- includes changes from 1.2.26, including:
[security] CVE-2014-1609: SQL injection vulnerabilities

* [security] CVE-2014-1608: soap:Envelope SQL injection attack

* [security] When $g_limit_reporters = ON; it is still possible
to change reporter

* [security] CVE-2013-4460: XSS in account_sponsor_page.php
project names

* For a full list, see
http://www.mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=1.2.16
- clean up spec file
- verify source signature

Thu Aug 8 14:00:00 2013 robert.munteanuAATTgmail.com
- Rename changes file to package name
- Do not package the root directory in both main and -install
package
- Update summary and description
- Do not package build and test files
- Corrected license name

Fri Oct 7 14:00:00 2011 mrdocsAATTopensuse.org
- Update to 1.2.8
+ numerous bugfixes and security updates
- Versioned changelogs 1.2.4 - 1.2.8:
- http://www.mantisbt.org/bugs/changelog_page.php?version_id=139
- http://www.mantisbt.org/bugs/changelog_page.php?version_id=138
- http://www.mantisbt.org/bugs/changelog_page.php?version_id=137
- http://www.mantisbt.org/bugs/changelog_page.php?version_id=114
- http://www.mantisbt.org/bugs/changelog_page.php?version_id=133
- renamed spec file to eliminate rpmlint warning

Wed Jan 12 13:00:00 2011 nixAATTopensuse.org
- Update to version 1.2.4
- Delete useless .gitignore
- Disable rpmlint check for zero length
*.html files
- change file ownership to root instead of apache!!

Fri Jun 11 14:00:00 2010 rpmsAATTilmi.fi - 1.2.1
- Update to version 1.2.1

Mon Mar 8 13:00:00 2010 nixAATTopensuse.org
- Update to version 1.2.0
- Migrate changelog to changes file


 